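0) //IF SOME FORM WAS POSTED DO VALIDATION
{
    // Handles a submitted contact/feedback form: validates the six fields,
    // stores the feedback in b2b_feedback, mails the visitor and the site
    // admin from templates held in b2b_mails, then redirects to
    // gen_confirm.php. The opening of this condition lies above the visible
    // part of the file, so its first tokens are reproduced as found.
    //
    // NOTE(review): get_magic_quotes_gpc() and the mysql_* functions are
    // removed in current PHP. Moving to prepared statements (PDO/mysqli)
    // needs the connection setup, which is not visible here; until then all
    // SQL escaping goes through mysql_real_escape_string().

    // Collect the submitted text once, exactly as the visitor typed it.
    // NOTE(review): $_REQUEST can also carry query-string and cookie values,
    // while main() reads $_POST — confirm which source is intended.
    $fields = array('fname', 'lname', 'email', 'url', 'title', 'comments');
    $raw = array();
    foreach ($fields as $field) {
        // A missing key or an array value (e.g. fname[]=x) counts as empty.
        $value = (isset($_REQUEST[$field]) && is_string($_REQUEST[$field])) ? $_REQUEST[$field] : '';
        if (get_magic_quotes_gpc()) {
            // Undo automatic quoting so validation and mail see the real text.
            $value = stripslashes($value);
        }
        $raw[$field] = $value;
    }

    // SQL-escaped copies, used only inside the INSERT below.
    // mysql_real_escape_string() escapes for the connection's character set,
    // which addslashes() does not; the former '$' -> '\$' replacement is
    // dropped because MySQL reads '\$' as a plain '$' anyway.
    $fname    = mysql_real_escape_string($raw['fname']);
    $lname    = mysql_real_escape_string($raw['lname']);
    $email    = mysql_real_escape_string($raw['email']);
    $url      = mysql_real_escape_string($raw['url']);
    $title    = mysql_real_escape_string($raw['title']);
    $comments = mysql_real_escape_string($raw['comments']);

    // Field => label, in the order the errors are reported.
    $labels = array(
        'fname'    => 'First Name',
        'lname'    => 'Last Name',
        'email'    => 'Email',
        'url'      => 'URL',
        'title'    => 'Title',
        'comments' => 'Comments/Feedback',
    );
    foreach ($labels as $field => $label) {
        if ($field != 'url' && strlen(trim($raw[$field])) == 0) {
            // Every field except the URL is mandatory.
            $errs[$errcnt] = $label . " must be provided";
            $errcnt++;
        } elseif (preg_match("/[;<>&]/", $raw[$field])) {
            $errs[$errcnt] = $label . " can not have any special character (e.g. & ; < >)";
            $errcnt++;
        } elseif ($field == 'email' && filter_var(trim($raw[$field]), FILTER_VALIDATE_EMAIL) === false) {
            // This value becomes the recipient of mail(); requiring one
            // well-formed address keeps line breaks and comma-separated
            // recipient lists out of it.
            $errs[$errcnt] = "Email must be a valid email address";
            $errcnt++;
        }
    }

    if ($errcnt == 0) {
        mysql_query("INSERT INTO b2b_feedback (sb_fname,sb_lname,sb_email,sb_url,sb_title,sb_comments) VALUES('$fname','$lname','$email','$url','$title','$comments')");
        if (mysql_affected_rows() > 0) {
            // Site-wide settings shared by both notification mails.
            $row_con = mysql_fetch_array(mysql_query("select * from b2b_config where sb_id=1"));
            $sb_null_char = $row_con["sb_null_char"];
            $login_url = $row_con["sb_site_root"]."/signin.php";
            $ondate = sb_date(date(time()));

            // Template query and recipient for each mail: visitor first,
            // then the administrator.
            // NOTE(review): the first query filters on sb_mailid, the second
            // on sb_id — confirm both columns are intended.
            // NOTE(review): the visitor mail carries visitor-written text to
            // a visitor-chosen address; throttling of this form would have
            // to happen outside this block.
            $mails = array(
                array("SELECT * FROM b2b_mails where sb_mailid=10", trim($raw['email'])),
                array("SELECT * FROM b2b_mails where sb_id=11", $row_con["sb_admin_email"]),
            );

            foreach ($mails as $mail_spec) {
                $rs_query = mysql_query($mail_spec[0]);
                if ($rs = mysql_fetch_array($rs_query)) {
                    $from = $rs["sb_fromid"];
                    $to = $mail_spec[1];
                    $subject = $rs["sb_subject"];
                    $is_html = isset($rs["sb_html_format"]) && ($rs["sb_html_format"] == "yes");

                    // One header per element, joined with CRLF. Previously the
                    // Reply-To line had no terminator, so "MIME-Version" was
                    // appended to the Reply-To value in HTML mails.
                    $headers = array("From:" . $from, "Reply-To:" . $from);
                    if ($is_html) {
                        $headers[] = "MIME-Version: 1.0";
                        $headers[] = "Content-type: text/html; charset=iso-8859-1";
                    }
                    $header = implode("\r\n", $headers);

                    // Visitor text goes into the mail unescaped for SQL (the
                    // escaped copies would show stray backslashes).
                    $visitor_name = $raw['fname'] . ' ' . $raw['lname'];
                    $message_title = $raw['title'];
                    $message_text = $raw['comments'];
                    if ($is_html) {
                        // Validation already rejects < > & ; — escaping keeps
                        // the HTML variant safe if that rule is ever relaxed.
                        $visitor_name = htmlspecialchars($visitor_name, ENT_QUOTES, 'ISO-8859-1');
                        $message_title = htmlspecialchars($message_title, ENT_QUOTES, 'ISO-8859-1');
                        $message_text = htmlspecialchars($message_text, ENT_QUOTES, 'ISO-8859-1');
                    }

                    // strtr() substitutes every placeholder in a single pass,
                    // so a placeholder typed by the visitor is not expanded.
                    $body = strtr((string) $rs["sb_mail"], array(
                        "%username%"        => (string) $sb_null_char,
                        "%fname%"           => (string) $sb_null_char,
                        "%lname%"           => (string) $sb_null_char,
                        "%password%"        => (string) $sb_null_char,
                        "%email%"           => (string) $sb_null_char,
                        "%signup_url%"      => (string) $sb_null_char,
                        "%sender_username%" => (string) $sb_null_char,
                        "%login_url%"       => $login_url,
                        "%message_date%"    => (string) $ondate,
                        "%message_title%"   => $message_title,
                        "%message_text%"    => $message_text,
                        "%visitor_name%"    => $visitor_name,
                    ));

                    // Templates can be switched off per row via sb_status.
                    if ($rs["sb_status"] == 'yes') {
                        mail($to, $subject, $body, $header);
                    }
                }
            }

            header("Location:"."gen_confirm.php?errmsg=".urlencode("Your message has been Forwarded to the Administrator we will very shortly get back to you."));
            die();
        } else {
            header("Location:"."gen_confirm.php?err=linktous&errmsg=".urlencode("Sorry, some error occurred and unable to send comments/feedback to Administrator."));
            die();
        }
    }//if no errs
}//if posted

// main() is reproduced unchanged; its body continues past the closing PHP tag.
function main()
{
    global $errs, $errcnt;
    $fname="";
    $lname="";
    $email="";
    $url="";
    $title="";
    $comments="";
    if(count($_POST)>0)
    {
        $fname=$_POST["fname"];
        $lname=$_POST["lname"];
        $email=$_POST["email"];
        $url=$_POST["url"];
        $title=$_POST["title"];
        $comments=$_POST["comments"];
    }
    if (count($_POST)>0)
    {
        if ( $errcnt<>0 )
        {
?>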
 Your request cannot be processed due to following reasons
 1

 联络表单
 姓名
 单位
 邮箱
 网址  
 题目
 内容